ASA access control list with cross-user authentication _03

Source: Internet
Author: User

Access Control List

ACLs can be applied to interfaces as well as globally.

Interface access control lists control only traffic passing through the ASA (except session connections).

All traffic that terminates on the ASA itself is controlled by separate administrative access lists (e.g. ssh 0 0 DMZ).

All traffic initiated by the ASA is allowed.

On the ASA, configuring an ACL entry with the same priority as an existing one pushes the original entry down; on a router the original entry is directly replaced.

Interface rules and security

Default: outbound (high to low) traffic is allowed, inbound (low to high) traffic is rejected.

Interface rules: input rules (the main kind) control traffic entering the interface, output rules control traffic leaving it.

! Telnet requires the enable password
enable password cisco
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
! Two ACL entries named out
access-list out extended permit tcp any host 192.168.117.100 eq telnet
access-list out extended permit tcp any host 192.168.112.100 eq www
! Log denied packets
access-list out extended deny ip any any log
! Apply the ACL out to the outside interface, inbound
access-group out in interface outside
! Routing configuration follows
router ospf 1
 network 192.168.12.0 255.255.255.0 area 0
 network 192.168.17.0 255.255.255.0 area 0
 log-adj-changes
 default-information originate always
! Set a time range
time-range onwork
 periodic weekdays 9:00 to 19:15
! This ACL entry takes effect only within the time range
access-list out line 1 extended permit tcp host 192.168.116.100 host 192.168.117.100 eq telnet time-range onwork
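How the ACL out above is evaluated, as an added example that is not part of the original article: a small Python model of first-match evaluation with the line 1 insert and the onwork time range. The function names and dictionary layout are assumptions of this sketch; it shows that outside the onwork window the telnet session from 192.168.116.100 is still permitted, because it falls through to the broader any entry at line 2.

```python
from datetime import datetime, time

PORTS = {"telnet": 23, "www": 80}

def ace(action, src, dst, port, time_range=None):
    # One ACL entry of this model; None stands for "any".
    return {"action": action, "src": src, "dst": dst,
            "port": port, "time_range": time_range}

def onwork(now):
    # time-range onwork: periodic weekdays 9:00 to 19:15.
    # Handling of the exact end minute is an assumption of this model.
    return now.weekday() < 5 and time(9, 0) <= now.time() <= time(19, 15)

def build_acl():
    acl = [
        ace("permit", None, "192.168.117.100", "telnet"),
        ace("permit", None, "192.168.112.100", "www"),
        ace("deny", None, None, None),  # deny ip any any log
    ]
    # "access-list out line 1 ..." inserts at line 1 and pushes the rest down.
    acl.insert(0, ace("permit", "192.168.116.100", "192.168.117.100",
                      "telnet", onwork))
    return acl

def evaluate(acl, src, dst, port, now):
    """Return (line, action) of the first active entry matching a TCP packet."""
    for line, e in enumerate(acl, start=1):
        if e["time_range"] and not e["time_range"](now):
            continue  # entry is inactive outside its time range
        if e["src"] not in (None, src) or e["dst"] not in (None, dst):
            continue
        if e["port"] is not None and PORTS[e["port"]] != port:
            continue
        return line, e["action"]
    return None, "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    acl = build_acl()
    # Constructed sample times: a Wednesday inside and outside the window.
    for now in (datetime(2024, 1, 3, 10, 0), datetime(2024, 1, 3, 20, 0)):
        hit = evaluate(acl, "192.168.116.100", "192.168.117.100", 23, now)
        print(now, "-> line %s, %s" % hit)
```

For the time range to actually limit telnet from 192.168.116.100, the entry at line 2 would have to stop matching that host outside the window.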

Object-group

Network segments, protocols and ports can each be made into a collection that ACLs reference, and collections can be nested inside one another.


This article is from the "Try" blog, so be sure to keep this source http://beening.blog.51cto.com/9079117/1788164
